Consumer Privacy Bill of Rights
Overview The Consumer Privacy Bill of Rights (CPBR) was proposed by the Obama Administration in a January 2012 Report titled "Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy." The CPBR applies to personal data, which means any data, including aggregations of data, which is linkable to a specific individual. Personal data may include data that is linked to a specific computer or other device. The CPBR addresses commercial (not public sector) uses of personal data. The Obama Administration supports Federal legislation that adopts the principles of the Consumer Privacy Bill of Rights. Enacting the Consumer Privacy Bill of Rights through Federal legislation would increase legal certainty for companies, strengthen consumer trust, and bolster the United States’ ability to lead consumer data privacy engagements with the U.S.'s international partners. Even without legislation, the Administration plans to convene multi-stakeholder processes that use these rights as a template for codes of conduct that are enforceable by the Federal Trade Commission. These elements — the Consumer Privacy Bill of Rights, codes of conduct, and strong enforcement — will increase interoperability between the U.S. consumer data privacy framework and those of the U.S.'s international partners. The CPBR provides general principles that afford companies discretion in how they implement them. This flexibility will help promote innovation. Flexibility will also encourage effective privacy protections by allowing companies, informed by input from consumers and other stakeholders, to address the privacy issues that are likely to be most important to their customers and users, rather than requiring companies to adhere to a single, rigid set of requirements. The principles embodied in CPBR can be divided into two categories. First, there are obligations for data holders, analyzers, or commercial users. These are passive from the consumer's standpoint — the obligations should be met whether or not the consumer knows, cares, or acts. Second, and different, there are consumer empowerments, things that the consumer should be empowered to initiate actively. It is useful here to rearrange the CPBR's principles by category. In the category of obligations are these elements: * Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data. * Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain. * Security: Consumers have a right to secure and responsible handling of personal data. * Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights. In the category of consumer empowerments are these elements: * Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it. * Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices. * Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data are inaccurate. The Consumer Privacy Bill of Rights is similar but not identical to the Fair Information Practice Principles (FIPPs). The Consumer Privacy Bill of Rights Sources * Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy, App. A, at 47-48. * "Overview" section: Big Data and Privacy: A Technological Perspective, at 43. External resources * White House, Office of the Press Secretary, "We Can't Wait: Obama Administration Unveils Blueprint for a 'Privacy Bill of Rights' to Protect Consumers Online" (Feb. 23, 2012) (full-text). Category:Privacy Category:Consumer protection Category:Data